RELATED APPLICATIONS
This application is related to co-pending and commonly assigned U.S. Application 
Serial Number 09/703,057, entitled "System And Method For IP Router With an Optical 
Core," filed October 31, 2000, the disclosure of which is hereby incorporated herein by 
reference. 



TECHNICAL FIELD 
This application relates to the field of communication networks, and particularly to
large-scale routers for optical communication networks. 






BACKGROUND 

Transmission Control Protocol (TCP) is an underlying connection protocol that is 
typically used for all types of network communication. A route is essentially the mapping of 
an IP address to an egress port of a router. Different network routers set up connections with 
their peer routers using operating systems, for example Border Gateway Protocol (BGP) over 
TCP or OSPF (Open Shortest Path First) over Internet Protocol (IP) to determine that they get 
route information from their peers, allowing them to construct essentially an internal map of 
the network and to select the route that they should use, as well as verification that their peers 
are operating correctly. This is accomplished by sending various keep-alive packets back and
forth to make sure that their peers are still correctly functioning. Routes are used internally
within a router, for example a Master Control Processor (MCP) communicates through an
Ethernet control network (CNET) within a router with the shelf control processors, each of
which has an individual IP address. Processes including routing applications, for example
Dynamic Routing Protocol (DRP), run on these operating systems. Sockets are end points of 
communication associated with a process. A particular process can have more than one 
socket. 

In a router with a large number of ports, for example 320 ports, that communicates 
with peer routers, it is advantageous to subdivide that single large router logically into several 
smaller virtual routers, each of which can be individually configured. There can be separate 
departments in a large company, or an Internet provider wanting to partition a large router 
among clients, for example for security reasons. However, previous implementations of
subdividing routers having large numbers of ports have been cumbersome. 
SUMMARY OF THE INVENTION
The present invention is directed to a system and method which logically partition a 
host router into virtual router domains that run independent processes and routing application 
copies but share a common operating system. Each v-net domain manages an independent 
set of interface ports. Each process manages an independent set of sockets. 

In some embodiments a v-net domain architecture is used to partition a host router.
Some v-net domains support virtual routers, whereas other v-net domains support only
internal router processes and management applications. Thus, not every v-net domain
supports a virtual router. A single v-net domain can support more than one process. A v-net
facility can advantageously separate route tables used internally from the externally visible
routes, making network management easier and more transparent. With separate v-net
domains for example, the IP address of an internal shelf control processor does not conflict
with the same IP address that is assigned elsewhere on the Internet. In a v-net
implementation, duplicate arrays of global variables are instantiated in each virtual router
domain and are accessed by macro references.

A common FreeBSD operating system running on the MCP supports a dynamic
routing protocol (DRP) application. Each new virtual router is independently managed by its
own copy of the DRP application for as many virtual routers as exist. If something goes awry
in one DRP copy, it does not affect other copies. Each v-net domain manages a separate set
of the interfaces associated with the host router, which provide connections to peer routers.
For example, if a host router has 320 ports, one v-net domain can manage 120 ports or
interfaces, and another v-net domain can manage another 120 ports. All of these ports and
interfaces can be interchangeably partitioned. For each Synchronous Optical Network
(SONET) port on a line card, there is an interface (IF) data structure in FreeBSD that
represents that SONET port. Any interface can be associated with only one v-net at one time,
but can be moved among v-nets to reconfigure the host router. Traffic is removed from an
interface while it is being moved. At a high level the host router is partitioned, and each
partition normally is managed by an independent copy of the DRP software. In an
administrative sense, each of these partitions is logically independent.
Certain activities are still managed across the entire host router, for example failure
reporting of hardware in the host router, which is machine specific, and therefore is a 
resource shared by all of the partitions. 

This partitioning also allows the routes between the individual components such as 
the line cards and processors internal to a router to be contained in route tables separate from 
externally visible routes. Partitioning the router also facilitates testing, such that one partition 
might be used for normal network traffic and another might be used to test for example new 
software or new network configurations for new types of protocols. Additionally, a degree of 
redundancy is achieved, such that failure of one partition generally does not adversely affect 
another partition sharing the same host router. 

Various aspects of the invention are described in co-pending and commonly assigned 
U.S. Application Serial Number 09/703,057, entitled "System And Method For IP Router 
With an Optical Core," filed October 31, 2000, the disclosure of which has been incorporated 
herein by reference. 

The foregoing has outlined rather broadly the features and technical advantages of the 
present invention in order that the detailed description of the invention that follows may be 
better understood. Additional features and advantages of the invention will be described 
hereinafter which form the subject of the claims of the invention. It should be appreciated by 
those skilled in the art that the conception and specific embodiment disclosed may be readily 
utilized as a basis for modifying or designing other structures for carrying out the same 
purposes of the present invention. It should also be realized by those skilled in the art that 
such equivalent constructions do not depart from the spirit and scope of the invention as set 
forth in the appended claims. The novel features which are believed to be characteristic of 
the invention, both as to its organization and method of operation, together with further 
objects and advantages will be better understood from the following description when 
considered in connection with the accompanying figures. It is to be expressly understood, 
however, that each of the figures is provided for the purpose of illustration and description 
only and is not intended as a definition of the limits of the present invention. 
BRIEF DESCRIPTION OF THE DRAWING
For a more complete understanding of the present invention, reference is now made to 
the following descriptions taken in conjunction with the accompanying drawing, in which: 

FIGURE 1 is a logical diagram illustrating the principles of router virtual networking, 
according to an embodiment of the present invention. 
DETAILED DESCRIPTION
In embodiments of the present invention, a host network router is logically partitioned
into multiple virtual networking domains sharing a common operating system. FIGURE 1 is
a logical diagram illustrating the principles of router virtual networking, according to an
embodiment of the present invention. In the implementation of FIGURE 1, a host router 10
is logically partitioned into v-net domains 12, 14, and 16 that are associated with networking
systems. Each v-net 12, 14, 16 has a unique v-net ID address 13, 15, 17, in accordance with
network protocols. Host router 10 and each of v-nets 12, 14, 16 are further logically
subdivided into two spaces, shown in FIGURE 1 separated horizontally by a solid line,
namely a user level 18 and a kernel level 20 of the shared common operating system (OS),
for example a version of FreeBSD. The present FreeBSD operating system runs on the host
router Master Control Processor (MCP), described for example in U.S. Application Serial
Number 09/703,057, entitled "System And Method For IP Router With an Optical Core,"
filed October 31, 2000, cited above, the disclosure of which has been incorporated herein by
reference, and the dynamic routing protocol (DRP) application software runs on top of
FreeBSD.

An operating system contains within it logical notions called processes 22-26, for
example Internet Management Application 22, DRP 23, 25, or Simple Network Management
Protocol (SNMP) agent application 24, 26, running on v-nets 12, 14, and 16. Different
individual v-nets can manage the same, different, single, or multiple processes. V-net
domains 14 and 16, each running DRP and SNMP processes, are virtual routers, whereas
v-net domain 12, running only an internal management application, is not a virtual router.
The present FreeBSD operating system supports multiple processes, among which are DRP
23, 25, SNMP 24, 26, and Internal Management Application 22. Each process occupies
some user level space 18 and also some operating system kernel level space 20. User level
space 18 includes the application and the values of all the application variables (not shown in
FIGURE 1), whereas OS or kernel level space 20 of the process includes internal data that the
kernel maintains with each process. Typical examples of internal kernel data include
descriptors or descriptions of open files and the ID of the user that owns the process,
attributes that are added to each process associated with a particular v-net.
Among other things associated with a particular v-net are interfaces, for example
interfaces 42-1 through 42-3 associated with v-net 12. An interface represents for example a
particular physical hardware Ethernet card, gigabit Ethernet card, or SONET line card
interconnected with a remote router. This allows partitioning of host router interfaces, such
that for example interfaces 42-1 through 42-3 contain v-net ID 13 of v-net 12 with which they
are associated. V-net domain 12 maintains an interface list 42-0 pointing to interfaces 42-1
through 42-3. Similarly v-net domain 14 maintains an interface list 43-0 pointing to
interfaces 43-1 through 43-3 carrying v-net ID 15 of v-net domain 14, and v-net domain 16
maintains an interface list 45-0 pointing to interfaces 45-1 through 45-3 carrying v-net ID 17
of v-net domain 16.

Each process 22-26 can create sockets, which are end points of communication
associated with a process, for example sockets 32-1 through 32-3 associated with process 22
in v-net domain 12. A particular process can have more than one socket. Each socket has a
v-net ID associated with it, for example sockets 32-1 through 32-3 each contain v-net ID 13
of v-net 12. In v-net 12, management application 22 maintains a descriptor table, for
example file descriptor table 32-0 of v-net 12, holding references to sockets 32-1 through
32-3 and to files, which are each associated with specific application 22. Similarly, in v-net
14, DRP application 23 maintains descriptor table 33-0, holding references to sockets 33-1
through 33-3 and to files associated with application 23, and SNMP application 24 maintains
descriptor table 34-0 holding references to sockets 34-1 through 34-3 and to files associated
with application 24. Likewise in v-net 16, DRP application 25 maintains descriptor table
35-0, holding references to sockets 35-1 through 35-3 and to files associated with application
25, and SNMP application 26 maintains descriptor table 36-0 holding references to sockets
36-1 through 36-3 and to files associated with application 26.

Sockets are partitioned basically according to the domain in which communication
takes place. Each of the things done to the socket is interpreted in the context of the
particular v-net in which the socket is created, and therefore the socket carries that particular
v-net identifier. The process has a v-net identifier, because when a process creates a new
socket, which it is able to do, each socket that it creates is then created in a process of that
v-net identifier. For example, if a process associated with v-net 0 creates a socket, then that
socket is automatically associated with v-net 0, gets its routing tables from v-net 0, and can
then use all of the interfaces that are assigned to v-net 0. A process can, however, change its
v-net identifier and thereby its v-net association, for example by moving logically from v-net
0 to v-net 1, and can then create a new socket associated with v-net 1, which uses routing
tables and interfaces of v-net 1, which are disjoint with the interfaces for v-net 0.

Once a socket is created, it cannot be moved to another v-net, but remains in the 
domain in which it was created. However, a process, by changing its v-net identifier, can 
then create sockets in multiple domains. Consequently, a process can essentially 
communicate across domains by creating a socket in each one, but each socket, throughout its 
existence, is fixed in its original domain. Multiple sockets created by a process are distinctly 
different from a single socket that is simply interpreted in different ways. For example a 
single process can create ten distinct sockets in one domain and five distinct sockets in 
another domain. For example, socket 35-4 is created in v-net domain 12 by DRP application
25 and carries v-net ID 13, although socket 35-4 is referenced in descriptor list 35-0 of DRP
application 25, which is now in v-net domain 16. Likewise, socket 33-4 is created in v-net 
domain 12 by DRP application 23 and thus carries v-net ID 13, although socket 33-4 is 
referenced in descriptor list 33-0, which is now in v-net domain 14. A socket is destroyed 
when a process exits or when a process closes down the communication end point 
represented by that socket. After a socket is destroyed, it is no longer associated with any 
domain, and the memory associated with it is freed. 

If for example v-net 14 and v-net 16 are two networking domains of host router 10, 
and if v-net 14 is a production network carrying live traffic with production code in it, or
production network connections carrying real customer traffic, then a socket associated with
v-net 14 is operating in that v-net's space and has routing tables 48 for that v-net to route live 
traffic. Consequently, if the socket were to select a particular IP address, that IP address 
would use production routing tables 48. A different socket in a different v-net 16 is for 
example used for a small test bed and contains a different set of routing tables 50. 
Accordingly, when a message is sent on v-net 16 with an IP address, that IP address is 
interpreted in the context of v-net 16 running the small test bed. 
Global variables are variables that are accessible to all the various logical contexts or
threads of execution that are running concurrently within an operating system. Thus a global
variable is not on the stack of a particular thread. Accordingly, all global variables are
available to every process that is running within the operating system. Global variables
include at least at the top level, for example, the IP address of a machine or a copy of the
routing tables so that a process knows where to send packets. There is a certain set of
global variables associated with the networking code, and in order to make the networking
codes support partitioning, the set of global variables associated with networking is
replicated, one copy 47 for each v-net domain, such that the operating system effectively
contains, rather than one copy of the networking data structures, N instantiations of the
networking stack, replicating all the various functions of the networking code, including
replicated routing tables and replicated TCP control blocks linked together throughout the
basic data structure. Thus, effectively all of the important variables in the networking system
are replicated, so that they can be independently managed. This can be thought of as an
operating system with N instantiations of the networking system.

The basic approach of the v-net code is to take global variables that need to be
replicated for each v-net domain, and to make an array of them. As an example tcpstat, the
tcp statistics structure, is declared in tcp_var.h struct tcpstat { ... } and defined in tcp_input.c
as struct tcpstat tcpstat. To have a separate set of statistics for each v-net domain requires
changing the definition to struct tcpstat tcpstat[NVNET] and changing all references to index
by the appropriate v-net domain number.

To make the v-net facility a configuration option, the declarations and references are
encapsulated in macros. The macros generate arrays when v-nets are configured in and
scalars when v-nets are deconfigured. As an example the tcpstat declaration becomes
VDECL(struct tcpstat, tcpstaT), in which the first macro argument is the type, and the second
macro argument is the name. It will be noted that the variable name is changed from tcpstat
to tcpstaT. This convention is followed throughout the global variable generation, i.e.,
variables that are virtualized and global across more than one file are changed to have the
final letter in their name capitalized. This is done for three reasons:
1) to differentiate global variables from local variables and/or types of the same
name for readability, 

2) to ensure that all references to global variables are fixed appropriately (by 
causing a compile error if the variable name is not changed); and 

3) to denote global variables plainly for possible future changes. 

References to virtualized variables are made using one of two macros, _v(name), or
_V(name, index), where name is the variable name and index is the v-net domain index to be
used. The macro _v uses a per CPU global index variable vnetindex. It will be noted that all
references to virtualized variables must be made with these macros, without exception, so that
the references are correct without requiring #ifdefs when v-nets are configured or
deconfigured.
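
The following C sketch is an added example, not code from the patent or from FreeBSD. It shows VDECL, _v and _V producing per-domain arrays (or scalars when deconfigured), together with a socket that keeps the v-net index it was created with, so the same IP address resolves through a different routing table in each domain. The value of NVNET, the option name VNET_CONFIGURED, the variable rtablE, struct vsocket, the helper functions and the sample address and interface numbers are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define NVNET     3      /* number of v-net domains (value assumed) */
#define MAXROUTES 4      /* per-domain route table size (assumed) */

#ifndef VNET_CONFIGURED  /* hypothetical name for the configuration option */
#define VNET_CONFIGURED 1
#endif

#if VNET_CONFIGURED      /* v-nets configured in: arrays indexed by domain */
#define VDECL(type, name) type name[NVNET]
#define _V(name, index)   (name[(index)])
#define _v(name)          (name[vnetindex])
#else                    /* deconfigured: same source compiles to scalars */
#define VDECL(type, name) type name
#define _V(name, index)   (name)
#define _v(name)          (name)
#endif

static int vnetindex;    /* per-CPU on the page; one CPU is modelled here */

struct tcpstat { unsigned long tcps_sndtotal; };  /* reduced to one counter */
struct route   { uint32_t dst; int ifindex; };
struct rtable  { struct route r[MAXROUTES]; int n; };
struct vsocket { int vnet; };                     /* hypothetical socket model */

VDECL(static struct tcpstat, tcpstaT);  /* virtualized name from the page */
VDECL(static struct rtable, rtablE);    /* hypothetical virtualized variable */

/* Change the calling context's v-net; reject indexes outside the arrays. */
static int vnet_switch(int index)
{
    if (index < 0 || index >= NVNET)
        return -1;
    vnetindex = index;
    return 0;
}

/* Add a host route to the current domain's table only. */
static int route_add(uint32_t dst, int ifindex)
{
    struct rtable *t = &_v(rtablE);
    if (t->n >= MAXROUTES)
        return -1;
    t->r[t->n].dst = dst;
    t->r[t->n].ifindex = ifindex;
    t->n++;
    return 0;
}

/* A socket takes the creator's v-net and keeps it for its lifetime. */
static struct vsocket vsock_create(void)
{
    struct vsocket so = { vnetindex };
    return so;
}

/* Resolve dst in the socket's own domain; returns egress interface or -1. */
static int vsock_send(const struct vsocket *so, uint32_t dst)
{
    const struct rtable *t = &_V(rtablE, so->vnet);
    for (int i = 0; i < t->n; i++) {
        if (t->r[i].dst == dst) {
            _V(tcpstaT, so->vnet).tcps_sndtotal++;
            return t->r[i].ifindex;
        }
    }
    return -1;
}

int main(void)
{
    const uint32_t addr = 0x0A000001u;   /* constructed sample: 10.0.0.1 */
    vnet_switch(1);
    route_add(addr, 43);                 /* stands in for production tables */
    struct vsocket prod = vsock_create();
    vnet_switch(2);
    route_add(addr, 45);                 /* stands in for test-bed tables */
    struct vsocket test = vsock_create();
    /* Current context is v-net 2, yet prod still resolves in v-net 1. */
    printf("prod -> if %d, test -> if %d\n",
           vsock_send(&prod, addr), vsock_send(&test, addr));
    return 0;
}
```

Because every access goes through _v or _V, the only place an out-of-range domain index can enter is vnet_switch, which is why the bounds check lives there.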

In addition to defining a methodology that handles virtualization of variables, a
selection is needed of the correct set of global variables to be replicated for each v-net
domain, and the replicated variables need to be correctly referenced by macros in the
appropriate v-net domain. For example, global variables can be identified by using a script
that analyzes object (.o) files for the global variables they define, by code inspection, or by
information from other sources (see for example the tables of global variables in TCP/IP
Illustrated, Volume 2: The Implementation, Gary R. Wright and W. Richard Stevens,
Addison-Wesley 1995, p. 64, 97, 128, 158, 186, 207, 248, 277, 305, 340, 383, 398, 437, 476,
572, 680, 715, 756, 797, 1028, and 1051).

The following Appendix A is basically a table of the global variables that are
virtualized in some implementations, listing the name and the purpose of the variable. The
variables that are virtualized are generally marked "virtualized" in the table. Although
virtualized variables shown in the table are usually marked "virtualized," other variables in
the table have been analyzed but excluded from virtualization. All of the "virtualized"
variables are essentially replicated, such that each v-net maintains its own set of these
variables. Then macros, program conventions that allow textual substitution, are provided,
such that everywhere a global variable is accessed, a replacement access is a macro reference
selected from the correct set of variables based on the correct v-net.
In the present embodiment, multiple networking domains are implemented by the
same operating system, unlike previous approaches, in which for example a computer is 
subdivided into virtual domains that partition the hardware and run separate operating 
systems in each domain. 



APPENDIX A. VARIABLE ANALYSIS 

NOTE: In the Analysis/Disposition column, "Virtualized" means the variable becomes an array when vnets are 
configured (see the description above); "Invariant" means a separate instance of the variable is not needed for
different vnet domains; and "Not Virtualized" means there was a choice about virtualization (e.g., whether a 
Tunable could have a different value in different domains), but the choice was made not to virtualize the 
variable. 



Variable 


Data Type 


Defining File 


Description 


Analysis/ 
Disposition 


Head 


static struct 
router info * 


igmp.c 


Head of router_info linked list. 


Vntualized. 


Addmask_key 


static char * 


radix, c 


Temporary storage for 
m addmask. 


Invariant. 


arp_allocated 


static int 


if_ether.c 


Total number of llinfo_arp 
structures allocated. 


Virtualized. 


arp_inuse 


static int 


ifether.c 


Current nimiber of Uinfoarp 
structures in use. 


Virtualized. 


arprnaxtries 


static int 


if_ether.c 


Tunable. Maximum number of 
retries for an arp request. 


Tunable. Not 
virtualized. 


arp proxyall 


static int 


if^ether.c 


Tunable. Enables forming a 


Tunable. Not 
virtualized. 


arpinitdone 


static int 


if_ether.c 


Indicates initialization is done. 


Invariant. 
Initialization 
handles all 


arpintrq 


struct ifqueue 


if_ether.c 


Arp interrupt request queue. 
Shared by all vnets. Vnet 
switching when pulled off 
queue. 


Invariant. 


arpt_down 


static int 


if_ether.c 


Tunable. No. of seconds 
between ARP flooding 
algorithm. 


Tunable. Not 
virtualized. 


arptkeep 


static int 


if_ether.c 


Tunable. No. seconds ARP 
entry valid once resolved. 


Tunable. Not 
virtualized. 


arpt_prmie 


static int 


if^ether.c 


Tunable. No. seconds between 
checking ARP list. 


Tunable. Not 
virtualized. 


bpf_bu.fsize 


static int 


bpf.c 


Tunable. 


Tunable. Not 
virtualized. 


bpf_cdevsw 


static struct 
cdevsw 


bpf.c 


Table of entry point function 
pointers. 


Invariant. 


bpf devsw instal 
led 


static int 


bpf c 


Initialization flag. 


Invariant. 


bpf_dtab 


static struct 
bpf d 

(NBPFILTER) 


bpf.c 


Descriptor structure, one per 
open bpf device. 


Invariant. 


bpfdtabinit 


static int 


bpf c 


Another initialization flag. 


Invariant. 
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Variable 


Data Type 


Defining File 


Description 


Analysis/ 
Disposition 


bpfjflist 


static struct 


bpf.c 


Descriptor associated with each 
attached hardware interface. 


Invariant. 


clns_recvspace 


static u_long 


raw_clns.c 


Constant (patchable). Amount 
of receive space to reserve in 
socket. 


Not virtualized. 


clns_sendspace 


static u long 


raw_clns.c 


Constant (patchable). Amount 
of send space to reserve in 
socket. 


Not virtualized. 


clns_usrreqs 


struct pr_usrreqs 


raw_clns.c 


Function pointers for clns user 
requests. 


Invariant. 


clnsg 


struct clnsglob 


rawclns.c 


Global state associated with 
ray_clns.c, including list heads 
and counters. 


Virtualized. 


clnsintrq 


struct if queue 


raw_clns.c 


Clns interrupt request queue. 
Shared by all vnets. Vnet 
switching done when removed 
from queue. 


Invariant. 


clnssw 


struct protosw 


raw_clns.c 


Pointers to protocol entry 
points & associated data. 


Invariant. 


counter 


static u_int64 t 


ip_fw.c 


Counter for ipfw report. 


Virtualized. 


div_recvspace 


static u long 


ip_divert.c 


Amount of receive space to 
reserve in socket. 


Invariant. 


div sendspace 


static u long 


ip divert, c 


Amount of send space to 
reserve in socket 


Invariant. 




static struct 
inpcbhead 


ip_divert.c 


Head of inpcb structures for 
divert processing. 


Virtualized. 


divcbinfb 


static struct 
inpcbinfo 


ip_divert, c 


Pcbinfo structure for divert 
processing. 


Virtualized. 




static struct 
sockaddr 




Sockaddr prototype. 


Invariant. 


errjprefix 


char[] 


ipfw.c 


Constant string for printfs. 


Invariant. 


etherbroadcastad 
dr 


u_char [6] 


if_ethersubr.c 


Constant. Efhemet broadcast 
link address. 


Invariant. 


expire_upcalls_c 


static struct 
callout handle 


ip_mroute.c 


Callout handle for 
expire_upcalls. 


Virtualized. 


fcstab 


static u_short 
[256] 


ppp_tty.c 


Constant. Table for FCS 
lookup. 


Invariant. 


frag_divert_port 


static ushort 


ipinput.c 


Divert protocol port. 
Conditionally compiled iwith 
IPDIVERT. 


? 


fw_debug 


static int 


ipfw.c 


Tunable. Enables debug print. 


Not virtualized. 


fw_one_pass 


static int 


ipfw.c 


Tunable. Enables accepting 
packet if passes first test. 


Not virtualized. 




static int 




Tunable; controls verbosity of 
firewall debugging messages. 


Not virtualized. 


fw_verbose_limit 


static int 


ipfw.c 


Tunable. Limits amount of 
logging. 


Not virtualized. 


have encap tuiin 
el 


static int 


ipinroute.c 


Indicates presence of an 
encapsulation tunnel. 


Virtualized. 


icmpbmcastecho 


static int 


ipicmp.c 


Timable flag. Disables 
broadcasting of ICMP echo and 
timestamp packets. 


Not virtualized. 
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Variable 


Data Type 


Defining File 


Description 


Analysis/ 
Disposition 


icmpdst 


static struct 


ip icmp.c 


Saves the source address for 


Virtualized. 


icmpgw 


static struct 
sockaddrin 


ip_icmp.c 


Holds the ip source address in 
icmp_input. 


Virtualized. 
May not be 


icmplim 


static int 


ipicmp.c 


Tunable. ICMP error-response 
band with limiting sysctl. 


Not virtualized. 


icmpmaskrepl 


static int 


ipicmp.c 


Tunable flag. Enables ICMP 
niHsk replacement. 


Not virtualized. 


icmpprintfs 


int 


ip_icmp.c 


Enables printfs in icmp code. 


Not virtualized. 


icmpsrc 


static struct 
sockaddr_in 


ip_icmp.c 


Holds the ip dest address in 
icmp_input. 


Virtualized. 
May not be 
necessary 


icmpstat 


static struct 
icmpstat 


ip icmp.c 


Icmp statistics. 


Virtualized. 


11 lIlQcA. 






Number of configured 
interfaces. 


Virtualized. 


ifindexliM 


static iQt 


if.c 


Number of entries in 
ifiiet_addrS array. 


Virtualized. 


ifneT 


struct ifnethead 


if.c 


Head of list of ifiiet structures. 


Virtualized. 


ifnet_addrS 


struct iffaddr ** 


if.c 


Array of pointers to link level 
interface addresses. 


Virtualized. 


ifqmaxlen 


int 


if.c 


Constant. Maximum queue 
length for interface queue. 


Invariant. 


igmp_all_hosts_g 
roup 


static ulong 


igmp.c 


Host order of 

INADDR_ALLHOSTS_GROU 
P constant 


Invariant. 


igmpallrtrsgr 


static u_long 


igmp.c 


Host order of 

TXTAT^T^T> ATTOT'C /~'T>r^TTD 
IrMAUUK. ALL/K.ib LiKUUr 

constant. 


Invariant. 


igmp_timers_are 
running 


static int 


igmp.c 


Flag indicating any igmp timer 
is active. 


Virtualized. 


igmprt 


static struct route 


igmp.c 


Temporary variable. 


Invariant. 


igmpstat 


static struct 
igmpstat 


igmp.c 


Igmp statistics. 


Virtualized. 


in_ifaddiheaD 


struct 

in_ifaddrhead 


ip_input.c 


Head of in_ifaddr structure list. 


Virtualized. 


in_interfaces 


static int 


in.c 


Incremented each time a non- 
loopback interface is added to 
in ifaddrheaD. Not read. 


Invariant. 
Never read. 
Dead code. 


inmultiheaD 


struct 

inmultOiead 


rn.c 


Head of hst of 
in_multistmctures (multicast 
address). 


Virtualized. 


inetclerrmap 


u_char [] 


ip_inputc 


Array of constants (error 
numbers). 


Invariant. 


inetdomain 


struct domain 


in_proto.c 


Pointers to switch table, 
initialization, etc. for internet 
domain. 


Invariant. 


inetsw 


struct protosw 


in_proto.c 


Pointers to entry points for 
various internet protocols. 


Invariant. 


inited 


static int 


ifc 


Flag indicating initialization 
has been performed. 
Initialization does all vnets. 


Invariant. 
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Variable 


Data Type 


Defining File 


Description 


Analysis/ 
Disposition 


ip_acc eptsourcer 
oute 


static mt 


ip uiput.c 


acceptance of source routed 
TmS>le Default time to live 


Tunable. Not 
virtualized. 


ip QCfttl 




ip input c 


from RFC 1340. 


Tunable. Not 
virtualized. 


ipdivertcookiE 


u intl6 t 


ip_divert.c 


Cookie passed to user process. 


Virtualized. 


ip divert poiT 


u short 


ip divert.c 


Global "argument" to 
div input. Used to avoid 
changing prototype. 




ipdosourceroute 


static int 


ip input, c 


Tunable flag. Enables acting as 
a router. 


Tunable. Not 
virtualized. 


lp_fw_chaiN 


struct ipfwhead 


ip_fw.c 


Head of ip firewall chains. 


Virtualized. 


ip_fw_chk_ptr 


ip_fw_chk_t * 


ip uiput.c 


IP firewall function callout 
pointer; value depends on 
loading fw module. 


Invariant. 


| ip_fw_ctl_ptr | ip_fw_ctl_t * | ip_input.c | IP firewall function callout pointer; value depends on | Invariant. |
| ipfwdefaultru | struct ip_fw_chain * | ip_fw.c | Pointer to default rule for firewall processing. | Virtualized. |
| ip_fw_fwd_addR | struct sockaddr_in * | ip_input.c | IP firewall address. | Virtualized. |
| ipID | u_short | ip_output.c | IP packet identifier (increments). | Virtualized. |
| ip_mcast_src | u_long (*)(int) | ip_mroute.c | Pointer to function; selection depends on compile options. | Invariant. |
| ip_mforward | int (*)(struct ip *, struct ifnet *, ...) | ip_mroute.c | Function pointer set by module installation. | Invariant. |
| ip_mrouteR | struct socket * | ip_mroute.c | Socket of multicast router program. | Virtualized. |
| ip_mrouter_done | int (*)(void) | ip_mroute.c | Function pointer set by module installation. | Invariant. |
| ip_mrouter_get | int (*)(struct socket *, struct sockopt *) | ip_mroute.c | Function pointer selected by compile options. | Invariant. |
| ip_mrouter_set | int (*)(struct socket *, struct sockopt *) | ip_mroute.c | Function pointer selected by compile options. | Invariant. |
| ip_nat_ctl_ptr | ip_nat_ctl_t * | ip_input.c | IP firewall function callout hook; set by module install. | Invariant. |
| ip_nat_ptr | ip_nat_t * | ip_input.c | IP firewall function callout hook; set by module install. | Invariant. |
| ip_nhops | static int | ip_input.c | Hop count for previous source route. | Virtualized. |
| ip_protox | [PROTO_MAX] | ip_input.c | Maps protocol numbers to inetsw array. |  |
| ip_rsvpD | struct socket * | ip_input.c | Pointer to socket used by rsvp daemon. | Virtualized. |
| ip_rsvp_on | static int | ip_input.c | Boolean indicating rsvp is active. | Virtualized. |
| ip_srcrt | struct ip_srcrt | ip_input.c | Previous source route. | Virtualized. |
| ipaddR | struct sockaddr_in | ip_input.c | Holds ip destination address for option processing. | Virtualized. |
| ipflowS | static struct ipflowhead | ip_flow.c | Hash table head for ipflow structs. | Virtualized. |


| ipflow_active | static int | ip_flow.c | Tunable. Enables "fast forwarding" flow code. | Invariant. |
| ipflow_inuse | static int | ip_flow.c | Count of active flow structures. | Virtualized. |
| ipforward_rt | static struct route |  |  |  |
| ipforwarding |  | ip_input.c | Tunable that enables forwarding. | Virtualized. |
| ipintrq | struct ifqueue | ip_input.c | incoming packets. Vnet set when packets dequeued. |  |
| ipport_firstauto | static int | ip_pcb.c | Bounds on ephemeral ports. | Invariant. |
| ipport_hifirstauto | static int | ip_pcb.c | Bounds on ephemeral ports. | Invariant. |
| ipport_hilastauto | static int | ip_pcb.c | Bounds on ephemeral ports. | Invariant. |
| ipport_lastauto | static int |  |  | Invariant. |
| ipport_lowfirstauto | static int | ip_pcb.c | Bounds on ephemeral ports. | Invariant. |
|  |  | ip_pcb.c | Bounds on ephemeral ports. | Invariant. |
|  | static | ip_input.c | Flag for debug print. | Invariant. |
|  | [IPREASS_NHASH] | ip_input.c | Head of ip reassembly hash lists. | Virtualized. |
| ipqmaxlen | static int | ip_input.c | Patchable constant that sets maximum queue length for ipintrq. | Invariant. |
|  |  | ip_input.c | Tunable that enables sending redirect messages. | Invariant. |
|  |  | ip_input.c | Ip statistics counters. | Virtualized. |
| k_igmpsrc | static struct sockaddr_in | ip_mroute.c | Prototype sockaddr_in. | Invariant. |
| lastadjustedtim | static int | in_rmx.c | Time value of last adjusted timeout. | Virtualized. |
| last_encap_src | static u_long | ip_mroute.c | Cache of last encapsulated source address? | Virtualized. |
| last_encap_vif | struct vif * | ip_mroute.c | Last encapsulated volume tag (vif). | Virtualized. |
| last_zeroed | static int | radix.c | Number of bytes zeroed last time in addmask key. | Invariant. |
|  | int (*)(int) | ip_mroute.c | Pointer to function selected by module installation. | Invariant. |
| llinfo_arP | struct | if_ether.c | Head of llinfo_arp linked list. | Virtualized. |
| log_in_vain | static int | tcp_input.c, udp_usrreq.c | Tunables that enable logging of | Invariant. |
| loif | struct ifnet [NLOOP] | if_loop.c | Array of ifnet structs for loopback device. One per device, therefore invariant. | Invariant. |
| mask_rnhead | struct radix_node_head | radix.c | Head of mask tree. | Invariant. |
| max_keylen | static int | radix.c | Maximum key length of any domain. | Invariant. |
| maxnipq | static int | ip_input.c | Constant (nmbclusters/4) that is maximum number of ip fragments waiting assembly. Note: should this be scaled by VNET? | Invariant? Scaled? |


| mfctable | static struct mfc* [MFCTBLSIZ] | ip_mroute.c | Head of mfc hash table. | Virtualized. |
| mrt_ioctl | int (*)(int, caddr_t, struct proc*) | ip_mroute.c | Function pointer selected by module initialization. | Invariant. |
| mrtdebug | static u_int | ip_mroute.c | Enables debug log messages. | Invariant. |
| mrtstat | static struct mrtstat | ip_mroute.c | Multicast routing statistics. | Virtualized. |
|  | static int [] | ip_icmp.c | Static table of constants. | Invariant. |
| multicast_decap_if | [MAXVIFS] | ip_mroute.c | Fake encapsulator interfaces. | Virtualized. |
| iphdr | static struct ip | ip_mroute.c | Multicast encapsulation header. | Invariant. |
| nexpire | static u_char [MFCTBLSIZ] | ip_mroute.c | Count of number of expired entries in hash table? | Virtualized. |
| nipq | static int | ip_input.c | Number of ip fragment chains awaiting reassembly. | Virtualized. |
| normal_chars | static char [] | radix.c | Static table of mask constants. | Invariant. |
| nousrreqs | static struct pr_usrreqs | in_proto.c, ipx_proto.c | Static structure of null function pointers. | Invariant. |
| null_sdl.96 | static struct sockaddr_dl | if_ether.c | Static null sockaddr_dl structure. | Invariant. |
| numvifs | static vifi_t | ip_mroute.c | Number of virtual interface structures. | Virtualized. |
| old_chk_ptr | static ip_fw_chk_t | ip_fw.c | Function pointer holding previous state when module loads. | Invariant. |
| old_ctl_ptr | static ip_fw_ctl_t | ip_fw.c | Function pointer holding previous state when module loads. | Invariant. |
| paritytab | static unsigned [8] | ppp_tty.c | Static array of parity constants. | Invariant. |
| pim_assert | static int | ip_mroute.c | Enables pim assert processing. | Virtualized. |
| ppp_compressors | static struct compressor [8] | if_ppp.c | Static list of known ppp compressors. | Invariant. |
| ppp_softc | struct ppp_softc [NPPP] | if_ppp.c | Array of softc structures for ppp driver; one per device. | Invariant. |
| pppdisc |  |  |  |  |
| raw_recvspace | static u_long | raw_cb.c | Patchable constant that is reserve in socket. | Invariant. |
| raw_sendspace | static u_long | raw_cb.c | Patchable constant that is amount of send space to reserve in socket. | Invariant. |
| raw_usrreqs | struct protosw | raw_usrreq.c | Table of function pointers. | Invariant. |
| rawcb_lisT | struct rawcb_list_head | raw_cb.c | Head of rawcb (raw protocol control blocks) list. | Virtualized. |
| rawclnsdomain | struct domain | raw_clns.c | Table of function pointers. | Invariant. |
| rip_recvspace | static u_long | raw_ip.c | Tunable, amount of receive space to reserve in socket. | Tunable. Not virtualized. |


| rip_sendspace | static u_long | raw_ip.c | Tunable, amount of send space | Tunable. Not |
| rip_usrreqs | struct pr_usrreqs | raw_ip.c | Table of function pointers. | Invariant. |
|  | inpcbhead |  |  |  |
| ripsrc | static struct | raw_ip.c | Static temporary variable in | Invariant. |
| rn_mkfreelist | static struct radix_mask * | radix.c | Cache of free radix_mask structures. | Invariant. |
|  | static char * | radix.c | One mask computed from maximum key length. | Invariant. |
|  |  |  | maximum key length. |  |
|  | static struct route | ip_mroute.c | Temporary variable to hold route. | Invariant. |
| route_cB | struct route_cb |  | Counts on the number of routing socket listeners per protocol. | Virtualized. |
| route_dst | static struct sockaddr route | rtsock.c | Null address structure for destination. | Invariant. |
| route_proto | static struct sockproto | rtsock.c | Static prototype of structure used to pass routing info. | Invariant. |
| route_src | static struct sockaddr | rtsock.c | Null address structure for | Invariant. |
| route_usrreqs | static struct pr_usrreqs | rtsock.c | Table of function pointers for entry points. | Invariant. |
| routedomain | struct domain | rtsock.c | Table of function pointers for entry points. | Invariant. |
| router_alert | static struct mbuf | igmp.c | Statically constructed router alert option. | Invariant. |
| routesw | struct protosw | rtsock.c | Table of function pointers for entry points. | Invariant. |
| rsvp_oN | int | ip_input.c | Count of number of open rsvp control sockets. | Virtualized. |
| rsvp_src | static struct sockaddr_in | ip_mroute.c | Sockaddr prototype. | Invariant. |
| rsvpdebug | static u_int | ip_mroute.c | Enables debug print. | Invariant. |
| rt_tableS | struct radix_node_head * [AF_MAX+1] | route.c | Head of the routing tables (a table per address family). | Virtualized. |
| rtq_minreallyold | static int | in_rmx.c | Tunable; minimum time for old | Invariant. |
| rtq_reallyold | static int | in_rmx.c | Amount of time before old routes expire. | Virtualized. |
| rtq_timeout | static int | in_rmx.c | Patchable constant timeout value for walking the routing tree. | Invariant. |
| rtq_toomany | static int | in_rmx.c | Tunable that represents the number of active routes in the tree. | Invariant. |
| rtstaT | struct rtstat | route.c | Routing statistics structure. | Virtualized. |




|  | static int | route.c | Number of rtentrys not linked to the routing table. Never read, dead code. | Dead code. Not virtualized. |
| sa_zero | struct sockaddr | rtsock.c | Zero address return in error conditions. | Invariant. |
| sin | static struct sockaddr_inarp | if_ether.c, if_mroute.c | Sockaddr prototype passed to rtalloc1. | Invariant. |
|  | static struct sl_soft [NSL] | if_sl.c | Softc structure for slip driver; one per device. | Invariant. |
| slipdisc | static struct linesw | if_sl.c | Table of function pointers to slip entry points. | Invariant. |
| srctun | static int | ip_mroute.c | Counter throttling error message to log. | Invariant. |
| subnetsarelocal | static int | in.c | Tunable flag indicating subnets are local. | Virtualized. |
| tbfdebug | static u_int | ip_mroute.c | Tbf debug level. | Invariant. |
|  | static struct tbf [MAXVIFS] | ip_mroute.c | Token bucket filter structures. | Virtualized. |
|  | struct inpcbhead | tcp_input.c | Head structure for tcp pcb structures. | Virtualized. |
| tcbinfO | struct inpcbinfo | tcp_input.c | PCB info structure for tcp. | Virtualized. |
| tcp_backoff | int [] | tcp_timer.c | Table of times for tcp backoff processing. | Invariant. |
| tcp_ccgeN | tcp_cc (u_int32_t) | tcp_input.c | Connection count (per rfc 1644). | Virtualized. |
| tcp_delack_enabl | int | tcp_input.c | Tunable that enables delayed acknowledgments. | Tunable. Not virtualized. |
| tcp_do_rfc1323 | static int | tcp_subr.c | Tunable enables rfc 1323 (window scaling and timestamps). | Tunable. Not virtualized. |
| tcp_do_rfc1644 | static int | tcp_subr.c | Tunable enables rfc 1644. | Tunable. Not virtualized. |
| tcp_keepcnt | static int | tcp_timer.c | Patchable constant for maximum number of probes before a drop. | Invariant. |
| tcp_keepidle | int | tcp_timer.c | Tunable value for keep alive idle timer. | Tunable. Not virtualized. |
| tcp_keepinit |  | tcp_timer.c | Tunable value for initial connect keep alive. | Tunable. Not virtualized. |
| tcp_maxidle |  | tcp_timer.c | Product of tcp_keepcnt * tcp_keepintvl; recomputed in slow timeout | Invariant. |
| tcpmaxpersistidl | static int | tcp_timer.c | Patchable constant that is default time before probing. | Invariant. |
| tcp_mssdflt | int | tcp_subr.c | Tunable default maximum segment size. | Tunable. Not virtualized. |
| tcp_noW | u_long | tcp_input.c | 500 msec, counter for RFC1323 timestamps. | Virtualized. |
| tcp_outflags | u_char [TCP_NSTATES] | tcp_fsm.h | Static table of flags in tcp_output. | Invariant. |
| tcp_rttdflt | static int | tcp_subr.c | Tunable. Dead code, value not accessed. | Invariant. Dead |




| tcp_sendspace | u_long | tcp_usrreq.c | Tunable value for amount of send space to reserve on socket. | Tunable. Not virtualized. |
| tcp_totbackoff | static int | tcp_timer.c | Sum of tcp_backoff. | Invariant. |
| tcp_usrreqs | struct pr_usrreqs | tcp_usrreq.c | Table of function pointers for tcp user request functions. | Invariant. |
| tcprexmtthresh | static int | tcp_input.c | Patchable constant; number of duplicate acks to trigger fast retransmit. | Invariant. |
| tcpstaT | struct tcpstat | tcp_input.c | TCP statistics structure. | Virtualized. |
| tun_cdevsw | struct cdevsw | if_tun.c | Table of function pointers for tunnel interface entry points. | Invariant. |
| tundevswinstal | static int | if_tun.c | Flag indicating tun devsw table installed. | Invariant. |
| tunctl | static struct tun_softc [NTUN] | if_tun.c | Softc structure for tunnel interface; one per device. | Invariant. |
| tundebug | static int |  | Flag enables debug print. | Invariant. |
| udb | static struct inpcbhead | udp_usrreq.c | UDP inpcb head structure. | Virtualized. |
| udbinfo | static struct inpcbinfo | udp_usrreq.c | UDP inpcb info structure. | Virtualized. |
| udp_in | static struct sockaddr_in | udp_usrreq.c | Prototype sockaddr for AF_INET. | Invariant. |
| udp_recvspace | static u_long | udp_usrreq.c | Tunable; amount of receive space to reserve on socket. | Tunable. Not virtualized. |
| udp_sendspace | static u_long | udp_usrreq.c | Tunable; amount of send space to reserve on socket. | Tunable. Not virtualized. |
| udp_usrreqs | struct pr_usrreqs | udp_usrreq.c | Table of function pointers for entry points. | Invariant. |
| udpcksum | static int | udp_usrreq.c | Tunable; enables udp checksumming. | Tunable. Not |
| udpstat | struct udpstat | udp_usrreq.c | Udp statistics structure. | Virtualized. |
| useloopback | static int | if_ether.c | Tunable; enables use of loopback device for localhost. | Tunable. Not virtualized. |
|  | static int | ip_mroute.c | Version number of MRT protocol. | Invariant. |
| viftable | static struct vif [MAXVIFS] | ip_mroute.c | Table of vifs (virtual interface structure). | Virtualized. |
| zeroin_addr | struct in_addr | in_pcb.c | Zero'd internet address. | Invariant. |



Although the present invention and its advantages have been described in detail, it 
should be understood that various changes, substitutions and alterations can be made herein 
without departing from the spirit and scope of the invention as defined by the appended 
claims. Moreover, the scope of the present application is not intended to be limited to the 
particular embodiments of the process, machine, manufacture, composition of matter, means, 
methods and steps described in the specification. As one of ordinary skill in the art will 
readily appreciate from the disclosure of the present invention, processes, machines, 
manufacture, compositions of matter, means, methods, or steps, presently existing or later to 
be developed that perform substantially the same function or achieve substantially the same 
result as the corresponding embodiments described herein may be utilized according to the 
present invention. Accordingly, the appended claims are intended to include within their 
scope such processes, machines, manufacture, compositions of matter, means, methods, or 
steps. 